June 25, 2020 Niogin Staff

The majority of web applications run on JavaScript. If you are a front-end developer, chances are that you use JavaScript in your code. JavaScript plays a major role in implementing logic and interactive components in web applications. You can't even see this post without JavaScript. There are many security-related issues when it comes to web applications, and there are many methods to overcome these issues as well.

  1. SQL Injection
  2. Cross-Site Scripting (Cross-Site Request Forgery (CSRF))

But there are many security-related issues unique to JavaScript that attackers can exploit.

Dynamic typing

JavaScript variables can refer to objects of different types. A variable can refer to a number, a string, or an object, depending on the flow of control. When you look at the code, you do not always know the types of your variables. It may lead to unintentional information disclosure or other security issues.

Dynamic code execution

JavaScript programs can invoke the JavaScript engine at runtime. It sounds like a really powerful feature, and it is. Also, this is what attackers dream about: the ability to inject their code into your application.

Prototype Pollution

JavaScript has a pretty unusual inheritance mechanism. Instead of expressing static relationships between classes, the same goal is achieved by building dynamic relationships between objects. If attackers can modify the objects forming the prototype chain, they may alter the behavior of your code in unforeseen ways.
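
The prototype chain problem described above, shown as a naive recursive merge beside a hardened one. This is an added example, not code from the original post; the function names, the `isAdmin` property and the sample input are hypothetical and constructed for illustration.

```javascript
// Constructed input: JSON.parse creates an own property literally named "__proto__".
const untrusted = JSON.parse('{"theme": {"dark": true}, "__proto__": {"isAdmin": true}}');

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive merge: walks every key, so "__proto__" resolves to Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: skips keys that reach the prototype chain and only
// recurses into objects the target owns itself (never inherited ones).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObject(source[key])) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Runs a merge on the untrusted input and reports whether an unrelated,
// freshly created object now inherits "isAdmin". Cleans up afterwards.
function pollutesPrototype(mergeFn) {
  mergeFn({}, untrusted);
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}

console.log('unsafeMerge pollutes Object.prototype:', pollutesPrototype(unsafeMerge)); // true
console.log('safeMerge pollutes Object.prototype:', pollutesPrototype(safeMerge));     // false
```

Merging into a target created with `Object.create(null)` gives the same protection for flat lookup maps, since such an object has no prototype chain to reach.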

 

 

 
